From 88f2bdb51dd2646bf965314f03aa847c66958087 Mon Sep 17 00:00:00 2001 From: vanjeff Date: Wed, 15 Apr 2009 03:03:28 +0000 Subject: fixed overflow issue when reading BMP file. git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@8084 6f19259b-4bc3-4df7-8a09-765794883524 --- IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c index 6f3addb2f2..ef0198df5c 100644 --- a/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c +++ b/IntelFrameworkModulePkg/Library/GenericBdsLib/BdsConsole.c @@ -587,7 +587,7 @@ ConvertBmpToGopBlt ( BMP_COLOR_MAP *BmpColorMap; EFI_GRAPHICS_OUTPUT_BLT_PIXEL *BltBuffer; EFI_GRAPHICS_OUTPUT_BLT_PIXEL *Blt; - UINTN BltBufferSize; + UINT64 BltBufferSize; UINTN Index; UINTN Height; UINTN Width; @@ -623,12 +623,19 @@ ConvertBmpToGopBlt ( // Calculate the BltBuffer needed size. // BltBufferSize = BmpHeader->PixelWidth * BmpHeader->PixelHeight * sizeof (EFI_GRAPHICS_OUTPUT_BLT_PIXEL); + if (BltBufferSize >= SIZE_4GB) { + // + // If the BMP resolution is too large + // + return EFI_UNSUPPORTED; + } + IsAllocated = FALSE; if (*GopBlt == NULL) { // // GopBlt is not allocated by caller. // - *GopBltSize = BltBufferSize; + *GopBltSize = (UINTN) BltBufferSize; *GopBlt = AllocatePool (*GopBltSize); IsAllocated = TRUE; if (*GopBlt == NULL) { @@ -639,7 +646,7 @@ ConvertBmpToGopBlt ( // GopBlt has been allocated by caller. // if (*GopBltSize < BltBufferSize) { - *GopBltSize = BltBufferSize; + *GopBltSize = (UINTN) BltBufferSize; return EFI_BUFFER_TOO_SMALL; } } -- cgit v1.2.3